You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ garble version
mvdan.cc/garble v0.9.3
Build settings:
-buildmode exe
-compiler gc
CGO_ENABLED 1
GOARCH amd64
GOOS linux
GOAMD64 v1
$ go version
go version go1.20.3 linux/amd64
garble -literals build -ldflags="-X 'main.literal=THIS SHOULD BE OBFUSCATED'" -o main
I expected the resulting binary to contain an obfuscated variable due to the -literals flag, but inspecting the binary with strings includes the value "THIS SHOULD BE OBFUSCATED".
To reproduce:
// contents of main.gopackage main
import"fmt"varliteralstringfuncmain() {
fmt.Println(literal)
}
# contents of DockerfileFROM golang:1.20
RUN go version
RUN go install mvdan.cc/garble@v0.9.3
RUN garble version
WORKDIR /app
COPY main.go ./
RUN go mod init garble-obfus-issue && go mod tidy
RUN go env
RUN garble -literals build -ldflags="-X 'main.literal=THIS SHOULD BE OBFUSCATED'" -o main
RUN /bin/bash -c 'if [[ $(strings main | grep "THIS SHOULD BE OBFUSCATED" | wc -l) -eq 0 ]]; then echo "OK"; else echo "main.literal NOT OBFUSCATED"; exit 1; fi'
binsubstr main$exe 'v1.22.33' 'garble_replaced' # TODO: obfuscate injected strings too
.
It's not trivial because such literals are currently inserted at link time, well after garble's obfuscation at the source level has happened. To support this, we would have to stop passing the -X flags to the linker, inserting the string values ourselves - and obfuscating the literals in the process. Certainly doable, just not a few lines of code either. cc @lu4p
What version of Garble and Go are you using?
What environment are you running Garble on?
docker container linux/amd64 golang:1.20
go env
OutputWhat did you do?
garble -literals build -ldflags="-X 'main.literal=THIS SHOULD BE OBFUSCATED'" -o main
I expected the resulting binary to contain an obfuscated variable due to the
-literals
flag, but inspecting the binary withstrings
includes the value "THIS SHOULD BE OBFUSCATED".To reproduce:
Then run:
The Docker build fails, showing that the plain string was found in the binary rather than an obfuscated version.
What did you expect to see?
The Docker build should succeed, showing that the plain string was not found in the binary.
What did you see instead?
The Docker build failed, showing that the plain string was found in the binary.
The text was updated successfully, but these errors were encountered: